Security in Tableau Server



Authentication

  • Tableau Server is configured to authenticate with Shibboleth/SAML single sign-on and to pull in user information (first name, last name) from the Rice Active Directory. Users log in with their NetID and password.
  • The NetID password changes when a user leaves Rice, so they will no longer be able to log in to Tableau Server.
  • A user account in Tableau Server is deleted or unlicensed when the HR termination email arrives. (A user cannot be deleted if that user owns a report on the server. The reports can be transferred to another owner; if there is no new owner, the system administrator can change the user to ‘unlicensed’ status.)
  • When a user moves to a different department or position, OIT also receives an email from HR. OIT contacts the project leader of the department to modify the Tableau group membership.

Authorization

Site Permission Roles

  • Server Administrator
  • Site Administrator
  • Publisher (everyone with a desktop license at Rice)
  • Interactor (everyone who logs in to dataviz at Rice but does not own a desktop license)
  • Viewer
  • Viewer (can publish)

Project-based Permissions

  • A project manager can lock the permissions at the project folder level
  • Publishers cannot change the permissions
  • The permission settings are applied to all workbooks, views and data sources
  • A project manager or server/site administrator must make any change to the permission settings

Permissions managed by the owner

  • Permissions are set at the workbook or view level
  • For workbooks with tabbed views, permissions cannot be set at the view level

Permissions capabilities

  • Users are generally grouped as viewers, interactors, publishers, etc., but the content owner can set specific (custom) ‘capabilities’ for each user or group

Capabilities details

  • Viewers
    • View, Download Image/PDF, Download Summary Data, View Comments and Add Comments
  • Interactors
    • All viewer permissions plus Filter, Download Full Data, Share Customized (can save customizations they’ve made to a view and share them for others to see), and Web Edit
  • Publisher
    • All interactor permissions plus Save, Download Workbook/Save As, Move, Delete
  • Project Manager
    • All publisher permissions plus setting users’ permissions.

Data Sources Security & User Filters

What is a data source? Connection information for a database, e.g.

  • An Oracle connection to a view in the data warehouse database for OTR (data in the Oracle database)
  • Data extracted from an Excel file or a database and converted into a Tableau Data Extract (data on Tableau Server, can be scheduled to refresh from the source)
  • A Web Data Connector, e.g. data extracted from a web-based data source such as Google Analytics or Qualtrics survey data (data on Tableau Server, refreshed on a server schedule)

Security on data sources consists of:

  • Database login account
  • Authentication modes:
    • Prompt user
    • Embedded credentials
  • User filters

User Filters

  • User filters allow you to create a customized view based on the user.
  • Watch a 5 minute video introduction to user filters
  • Two Approaches:
    • Manually: manually creating user filters that define the specific data each user can access – a convenient method, but not automated.
    • Automatically: by creating a calculated field that automatically defines whether a user can access the data. This method requires that the underlying data source already has row-level security information.
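
The automatic approach, modelled as an added example (not code from this page or from Tableau): a calculated field of the form `USERNAME() = [netid]` is evaluated against data joined to an entitlement table. The table contents, the column names `netid` and `dept`, and all function names are assumptions, and the sample rows are constructed.

```python
# Constructed sample data, not taken from any Rice system.
# ENTITLEMENTS is the "row-level security information" the data source must already carry.
ENTITLEMENTS = [
    {"netid": "abc1", "dept": "Physics"},
    {"netid": "abc1", "dept": "Chemistry"},
    {"netid": "xyz9", "dept": "History"},
]
ENROLLMENT = [
    {"dept": "Physics", "term": "F23", "students": 412},
    {"dept": "Chemistry", "term": "F23", "students": 388},
    {"dept": "History", "term": "F23", "students": 275},
    {"dept": "Music", "term": "F23", "students": 190},
]


def join_entitlements(facts, entitlements):
    """Inner-join fact rows to entitlement rows on dept, one output row per entitled user."""
    users_by_dept = {}
    for ent in entitlements:
        users_by_dept.setdefault(ent["dept"], []).append(ent["netid"])
    return [dict(row, netid=netid)
            for row in facts
            for netid in users_by_dept.get(row["dept"], [])]


def user_filter(row, username):
    """Model of the calculated field USERNAME() = [netid]: True keeps the row."""
    return row["netid"] == username


def rows_visible_to(username, facts=ENROLLMENT, entitlements=ENTITLEMENTS):
    """Rows a signed-in user would see once the filter is applied to the joined data."""
    joined = join_entitlements(facts, entitlements)
    return [{k: v for k, v in row.items() if k != "netid"}
            for row in joined if user_filter(row, username)]


def unentitled_depts(facts=ENROLLMENT, entitlements=ENTITLEMENTS):
    """Departments present in the data that no entitlement row covers (visible to nobody)."""
    covered = {ent["dept"] for ent in entitlements}
    return sorted({row["dept"] for row in facts} - covered)


if __name__ == "__main__":
    for user in ("abc1", "xyz9", "nobody"):
        print(user, [r["dept"] for r in rows_visible_to(user)])
    print("not covered by any entitlement:", unentitled_depts())
```

A user with no entitlement row sees nothing, so the filter denies by default, and `unentitled_depts` surfaces data that the entitlement table has not yet been extended to cover.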
Network Security
Components


Clients:

  • A web browser, Tableau Desktop, Tableau Mobile, the tabcmd utility or the Tableau API
  • Tableau Server to your database(s): to refresh data extracts or handle live connections

Rice Network Information

  • dataviz.rice.edu is only available on the Rice network (off-campus access requires VPN)
  • Tableau Server requires firewall rules to access the databases (Data Warehouse (DW) databases are already configured to allow connections)
  • An ETL process loads the data from any sources into the DW databases
